I have a document that I need to collaboratively edit with some colleagues. Trying to do this with a standard shared file is a recipe for disaster, so I'd love to use Google Docs instead. However, the document contains sensitive information and we can't store it on a service that's not authorized by our organization.
Our organization has an enterprise account with Box.com on which we are authorized to store sensitive files. And I see that Box has Google Docs integration. What I'm not sure about is whether the document is stored on Box in terms of security, auditability, etc, or whether it's just a regular Google Doc that I can access through my Box account for convenience. Are Google Docs created and accessed through Box reliably as secure as my other Box files?
Best Answer
The document is still accessible through your linked Google account, just as if it were stored on Google Drive. This means that Box does not provide any additional security*.
Granted, Google is pretty secure itself, but this can be an issue if you are storing data covered by HIPAA or other strict privacy regulations. It also means that the document can be accessed if any collaborator's Google account is compromised. In fact, since the document is now accessible through either their institutional account or their Google account, it's less secure than a normal Google doc.
Also, my team ran into major versioning issues with this feature -- some changes were saved to a new copy of the document on my Google Drive and not to the version on Box. There also seem to be a lot of edit conflicts caused by inconsistent autosaving.
* The document itself could be stored by Box, but this is only relevant for scenarios where someone breaks into the server itself. It's drastically more likely that any security breach will be accomplished by compromising the account of a user who has access to the file.